Good views here, and just like exam questions context is very important.
Just one thing to add on the job front if you can’t fine a specific Cybersecurity, Information Security or Assurance job out of the gate then looks for jobs that are adjacent and employers that will let you cross train over to where you want to be - perfectionism is very much the enemy of happiness.
Also if you really want certs at the outset the Security+ is a goodie or SSCP make sense, if you’ve the comprehension, knowledge and fuzzy thinking to pass CISSP without the experience as an associate then it’s not such a bad thing and you can talk about why it interested you.
Personally transitioned from a career in the military nearly twenty years ago and started out with security+ as part of a MCSE, the a load of vendor certain but I didn’t go for CISSP until I had he five years experience as I felt there was less ROI for me personally. Probably that MCSE(it was an MCSE:Security OK? :p) was the most useful to me as that was based specifically around tasks for a job, and you could quickly prove that you had an understanding of the tech, put food on my table for a coupe of years till I really knew how to do things.
These days I find most of the value from my certs is in going to meet the local chapter for a nice mutual complaining, or to laugh at vendor snake oil, but them point out that our various serpents are covered in rust, and discreetly asking asking for a quote for three years subscription to WD40 .... but there are still places where you need the cert to be considered. 🙂